Help making a making a multi select imput form sticky

Hi Everyone

I have a form field that has a multi select imput field .

i am now trying to make this imput box "sticky" i.e return all the values to the field that the user has just clicked.

i have drafted the code for it and the form seems to work perfectly ; the values are actaully all received. the only problem is that the imput field is not showing the values that have previouly selected.

i enclose my code below and would really appriciate any advice/assistance on this;

You take the values from $_POST['fleunt_lang'], put them into a comma-separated list (why?), then escape the whole string and put it into an array (as the only element).

Then you apply mysqli_fetch_array() to an empty array (??) and check if the language_id from the non-existent query occurs in that one-element array you created earlier. What?

Either you've forgotten half of your code (where's the query?), or this whole thing makes absolutely no sense. Just for your information: Putting a string like "1,2,3" into an array does not magically split the string into numbers and get you a three-element array. You just get an array with a string in it.

Are you sure this is the right function? In your code, it's language_list(), language_id etc.

Originally Posted by andreea115

you asked why i put the returned values into a "comma-separated list". i did this beucase i wanted to place a comma between the values and then place them into an array.

You seem to confuse two different things. An array is a "living" object of the program, it has nothing to do with commas or something. That's just how you describe the array in your code.

What you're doing is kind of like writing the word "tree" on a piece of paper and thinking this is now an actual tree.

You can append elements to an array with the "[]" syntax: $arr[] = ...

But in this particular case, I'd simply use array_map() to trim the values of $_POST['fleunt_lang']:

PHP Code:

$selected_languages = array_map('trim', $_POST['fleunt_lang']);

You also seem to be confused about when and where to use escaping functions.

Escaping is done right before you put a value into an "executable" context like a database query or HTML markup. In any other case you need to use the original values, especially when you want to check them.

What you're doing just garbles the input. You apply the SQL escaping method to the user input and the HTML escaping method to the database values. If this was about more complex strings than just language names, you would end up with complete nonsense: Assuming both value are

Code:

'a' < 'b'

Then you'd end up comparing

Code:

&apos;a&apos; &lt; &apos;b&apos;

with

Code:

\'a\' < \'b\'

So just check the values from the database against the values from POST: